Overview

overview

10

Static

static

10

154de23ef3...21.exe

windows7-x64

10

154de23ef3...21.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    143s
  • max time network
    148s
  • platform
    windows7_x64
  • resource
    win7-20220812-en
  • resource tags

    arch:x64arch:x86image:win7-20220812-enlocale:en-usos:windows7-x64system
  • submitted
    13-01-2023 16:49

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    154de23ef3f3e9d60f16f372438bbb21.exe

  • Size

    32KB

  • MD5

    154de23ef3f3e9d60f16f372438bbb21

  • SHA1

    3746e1c08cb1a5d1e6ab027171f2225acf1a8f97

  • SHA256

    8688010ffa07da1ff2e930bc2ad3035f87157794538c8356d324459c9968d0f9

  • SHA512

    e9f7580f26fd1808202c9ae6d628f2db2d6d7b83c7da1aca54dedf7bbc2f265d0a9e1bfc56de3e80833fbc35820029ba9f735c05ad0466d8799e10507a605f8d

  • SSDEEP

    768:XEda2pzI7icyFK4JP7YSud6gfzsUwdgug5oJa2crh:XEdI7icyFvPVoGgX5o

Score
10/10
systembctrojan

Malware Config

Extracted

Family

systembc

C2

95.161.131.6:4001

45.153.240.152:4001

Signatures

  • SystemBC

    SystemBC is a proxy and remote administration tool first seen in 2019.

    trojansystembc
  • Executes dropped EXE 1 IoCs
  • Drops file in Windows directory 2 IoCs
  • Suspicious behavior: EnumeratesProcesses 1 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\154de23ef3f3e9d60f16f372438bbb21.exe
    "C:\Users\Admin\AppData\Local\Temp\154de23ef3f3e9d60f16f372438bbb21.exe"
    1⤵
    • Drops file in Windows directory
    • Suspicious behavior: EnumeratesProcesses
    PID:1372
  • C:\Windows\system32\taskeng.exe
    taskeng.exe {D474DD0E-36F7-4CB6-8245-B3BB176C4BEB} S-1-5-18:NT AUTHORITY\System:Service:
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:1488
    • C:\ProgramData\cixcgrl\dibotw.exe
      C:\ProgramData\cixcgrl\dibotw.exe start
      2⤵
      • Executes dropped EXE
      PID:996

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\ProgramData\cixcgrl\dibotw.exe
    Filesize

    32KB

    MD5

    154de23ef3f3e9d60f16f372438bbb21

    SHA1

    3746e1c08cb1a5d1e6ab027171f2225acf1a8f97

    SHA256

    8688010ffa07da1ff2e930bc2ad3035f87157794538c8356d324459c9968d0f9

    SHA512

    e9f7580f26fd1808202c9ae6d628f2db2d6d7b83c7da1aca54dedf7bbc2f265d0a9e1bfc56de3e80833fbc35820029ba9f735c05ad0466d8799e10507a605f8d

    Download Submit

  • C:\ProgramData\cixcgrl\dibotw.exe
    Filesize

    32KB

    MD5

    154de23ef3f3e9d60f16f372438bbb21

    SHA1

    3746e1c08cb1a5d1e6ab027171f2225acf1a8f97

    SHA256

    8688010ffa07da1ff2e930bc2ad3035f87157794538c8356d324459c9968d0f9

    SHA512

    e9f7580f26fd1808202c9ae6d628f2db2d6d7b83c7da1aca54dedf7bbc2f265d0a9e1bfc56de3e80833fbc35820029ba9f735c05ad0466d8799e10507a605f8d

    Download Submit

  • memory/996-56-0x0000000000000000-mapping.dmp

    Download

  • memory/1372-54-0x0000000075921000-0x0000000075923000-memory.dmp

    Filesize

    8KB

    Download